System and method for cyber attacks analysis and decision support

US 9,426,169 B2
Filed: 02/14/2013
Issued: 08/23/2016
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for cyber attack risk assessment, the method comprising operating at least one hardware processor for:

automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises;

(a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of;

objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;

collecting organizational profile data from a user, wherein the organizational profile data comprises;

types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to a control policy of the organization, and organizational assets each pertaining to a business environment and each associated with at least one of the computerized defensive controls;

computing a cyber attack risk of the organization in real time and automatically, by continuously conducting the cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets; and

issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for cyber attack risk assessment, the method including operating at least one hardware processor for: collecting global cyber attack data from a networked resource; collecting organizational profile data from a user, wherein the organizational profile data includes: types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls, and organizational assets each pertaining to a business environment and each associated with at least one of the computerized defensive controls; and computing a cyber attack risk of the organization in real time, by continuously performing the collecting of global cyber attack data and comparing the global cyber attack data to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets.

63 Citations

View as Search Results

20 Claims

1. A method for cyber attack risk assessment, the method comprising operating at least one hardware processor for:
- automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises;
  
  (a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of;
  
  objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;
  
  collecting organizational profile data from a user, wherein the organizational profile data comprises;
  
  types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to a control policy of the organization, and organizational assets each pertaining to a business environment and each associated with at least one of the computerized defensive controls;
  
  computing a cyber attack risk of the organization in real time and automatically, by continuously conducting the cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets; and
  
  issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further comprising providing a risk simulator configured to compute an effect of improving one or more of the computerized defensive controls on the cyber attack risk score.
  - 3. The method according to claim 2, wherein said risk simulator is further configured to perform the computing of the effect for each of different ones of the computerized defensive controls, and to compute a tradeoff between improvement of different ones of the computerized defensive controls and the cyber attack risk score.
  - 4. The method according to claim 1, further comprising displaying a dashboard comprising the cyber attack risk score for each of the organizational assets.
  - 5. The method according to claim 4, wherein said displaying of the dashboard further comprises enabling a drill-down into one or more of the organizational assets, to display one or more computerized defensive controls associated with the one or more of the organizational assets.
  - 6. The method according to claim 4, wherein the dashboard comprises a graphical, dynamic gauge for each of the organizational assets.
  - 7. The method according to claim 1, further comprising computing a success probability score of one or more attack agents indicated by the cyber space external intelligence.
  - 8. The method according to claim 1, further comprising computing a success probability score of one or more attack methods indicated by the cyber space external intelligence.

9. A non-transient computer readable medium having stored thereon instructions that, when executed by at least one hardware processor, cause the at least one hardware processor to:
- automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises;
  
  (a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of;
  
  objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;
  
  collect organizational profile data from a user, wherein the organizational profile data comprises types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to the control policy of the organization, and organizational assets each associated with at least one of the computerized defensive controls;
  
  compute a cyber attack risk of the organization in real time and automatically, by continuously conducting the cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets; and
  
  issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transient computer readable medium according to claim 9, wherein the instruction further cause the at least one hardware processor to provide a risk simulator configured to compute an effect of improving one or more of the computerized defensive controls on the cyber attack risk score.
  - 11. The non-transient computer readable medium according to claim 10, wherein said risk simulator is further configured to perform the computing of the effect for each of different ones of the computerized defensive controls, and to compute a tradeoff between improvement of different ones of the computerized defensive controls and the cyber attack risk score.
  - 12. The non-transient computer readable medium according to claim 9, wherein the instruction further cause the at least one hardware processor to display a dashboard comprising the cyber attack risk score for each of the organizational assets.
  - 13. The non-transient computer readable medium according to claim 12, wherein said display of the dashboard further comprises enabling a drill-down into one or more of the organizational assets, to display one or more computerized defensive controls associated with the one or more of the organizational assets.
  - 14. The non-transient computer readable medium according to claim 12, wherein the dashboard comprises a graphical, dynamic gauge for each of the organizational assets.
  - 15. The non-transient computer readable medium according to claim 9, wherein the instruction further cause the at least one hardware processor to compute a success probability score of one or more attack agents indicated by the cyber space external intelligence.
  - 16. The non-transient computer readable medium according to claim 9, wherein the instruction further cause the at least one hardware processor to compute a success probability score of one or more attack methods indicated by the cyber space external intelligence.

17. A decision support system comprising at least one hardware processor configured to:
- automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises;
  
  (a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of;
  
  objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;
  
  collect organizational profile data from a user, wherein the organizational profile data comprises types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to the control policy of the organization, and organizational assets each associated with at least one of the computerized defensive controls;
  
  compute a cyber attack risk of the organization in real time an automatically, by continuously performing said cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets;
  
  supporting a decision on improvement of one or more of the computerized defensive controls by providing a risk simulator configured to compute an effect of improving one or more of the computerized defensive controls on the cyber attack risk score; and
  
  issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.
- View Dependent Claims (18, 19, 20)
- - 18. The decision support system according to claim 17, wherein said risk simulator is further configured to perform the computing of the effect for each of different ones of the computerized defensive controls, and to compute a tradeoff between improvement of different ones of the computerized defensive controls and the cyber attack risk score.
  - 19. The decision support system according to claim 17, wherein the at least one hardware processor is further configured to compute a success probability score of one or more attack agents indicated by the cyber space external intelligence.
  - 20. The decision support system according to claim 17, wherein the at least one hardware processor is further configured to compute a success probability score of one or more attack methods indicated by the cyber space external intelligence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAUL Acquisition SUB LLC
Original Assignee
Cytegic Ltd (MasterCard Incorporated)
Inventors
Zandani, Shay
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US13/766,920
Publication Number

US 20130227697A1
Time in Patent Office

1,286 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

System and method for cyber attacks analysis and decision support

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for cyber attacks analysis and decision support

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links